
Aurora PopUps Infection [RESOLVED]

wegodzilla99

Posted 10 September 2005 - 04:53 PM

Member

48 posts

Hello! Once again, I am helping a friend fix their computer. Aurora pops are pretty bad, and the computer has difficulty starting in normal mode (right now I am running the computer in safe mode with networking). So far I have run Windows cleanup, CWShredder, Spybot, Ad-Aware, Ewido, and Trend HouseCall online scan. Here is the most recent HJT log, and the log from Ewido.

When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

From the main ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

6. Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.

wegodzilla99

Posted 11 September 2005 - 10:13 PM

Topic Starter

Member

48 posts

Ugh! For the life of me I cannot uninstall the program! It does not show up on the list of programs in the add/remove programs list. It also will not let me delete the folder because it says the program is in use.......

Trevuren

Posted 11 September 2005 - 10:38 PM

Trevuren

Posted 11 September 2005 - 10:53 PM

Old Dog

Retired Staff

18,699 posts

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)

Choose to "show hidden files and folders,"

Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.

wegodzilla99

Posted 11 September 2005 - 11:23 PM

Topic Starter

Member

48 posts

Hello, I am currently on my computer (the computer we are fixing is my roommate's, in the other room). I am having troubles again removing the surfersidekick 3 folder. It says it's in use. Also I was unable to delete repairs.dll for the same reasons. I deleted all the other files if they were present with no problems.

I have not yet rebooted the computer into normal mode because I am waiting to see what you have to say about the surfersidekick 3 folder and repairs.dll.

3. Open Reglite and Copy&Paste the bold text below into the Address Bar and hit Enter

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

4. In the smaller left hand pane-> Right Click the Windows folder (Highlighted in Blue)

Select Rename-> Rename it to Windoz-> Hit Enter

5. In the larger right hand pane-> locate and double click AppInit_DLLs

Under Value-> Remove (Delete)-> repairs.dll

6. Open the Search Assistant (Click Start>>Click Search)

Select All Files and Folders,

Select Advanced Options,

Make sure there is a check by every box under Advanced options

7. Under All Files and Folders, enter this into the text box:

repairs.dll

Delete any exact matches
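The registry steps above edit the AppInit_DLLs value. DLLs named there are loaded into every process that loads user32.dll, which is why repairs.dll was reported as in use. A read-only way to list what that value currently names, added here as an example and not part of the original posts: the function name and the bare-name lookup in System32/SysWOW64 are assumptions of this sketch, and it expects a 64-bit PowerShell session.

```powershell
# Read-only audit of the AppInit_DLLs autoload list; nothing is renamed or deleted.
# Assumes a 64-bit PowerShell session so both registry views are reachable.
function Get-AppInitDllReport {
    $sub = 'Microsoft\Windows NT\CurrentVersion\Windows'
    $targets = @(
        @{ Key = "HKLM:\SOFTWARE\$sub"
           Dir = Join-Path $env:SystemRoot 'System32' },
        @{ Key = "HKLM:\SOFTWARE\WOW6432Node\$sub"
           Dir = Join-Path $env:SystemRoot 'SysWOW64' }
    )
    foreach ($t in $targets) {
        if (-not (Test-Path -LiteralPath $t.Key)) { continue }
        $props = Get-ItemProperty -LiteralPath $t.Key
        $raw   = [string]$props.AppInit_DLLs
        # The value is a list of DLL names separated by spaces or commas.
        $names = $raw -split '[ ,]+' | Where-Object { $_ }
        foreach ($name in $names) {
            $name = $name.Trim('"')
            # Assumption: a bare name lives in the system directory for that view
            # (a simplification of the loader's real search order).
            if ([System.IO.Path]::IsPathRooted($name)) { $path = $name }
            else { $path = Join-Path $t.Dir $name }
            $exists = Test-Path -LiteralPath $path
            $sig = 'FileMissing'
            if ($exists) {
                $sig = (Get-AuthenticodeSignature -FilePath $path).Status
            }
            [pscustomobject]@{
                RegistryKey = $t.Key
                Entry       = $name
                ResolvedTo  = $path
                Exists      = $exists
                Signature   = $sig
                # Present on Windows Vista and later; 0 means the list is not loaded.
                LoadEnabled = $props.LoadAppInit_DLLs
            }
        }
    }
}

Get-AppInitDllReport | Format-List
```

An empty result means no DLL is registered in either view; any entry that is unsigned, missing on disk, or unfamiliar deserves a closer look before the value is edited.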

wegodzilla99

Posted 12 September 2005 - 10:49 AM

Topic Starter

Member

48 posts

Alrighty, I did what you said and I was able to delete repairs.dll!!! Thank you so much! OK, then I used Windows add/remove programs to uninstall surfersidekick like you said before. Then I used HJT and checked this line:

Trevuren

Posted 12 September 2005 - 12:08 PM

Old Dog

Retired Staff

18,699 posts

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)

Choose to "show hidden files and folders,"

Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.

Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

Reboot Your System

Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now. In addition, please tell me if there are any more malware problems that you are aware of.